@jan-cerny
Collaborator

Add rule accounts_password_pam_unix_enabled to RHEL 10 CIS and update it for RHEL 10. The rule was originally written for Ubuntu; it needed modifications for RHEL 10 because the configuration is a little different.

The rule doesn't have remediation on RHEL 10 because the remediation is covered by a different control in CIS and users should use authselect to configure PAM modules. Notice that the remediation code in the CIS requirement 5.3.1.5 is a read-only script.

Resolves: https://issues.redhat.com/browse/OPENSCAP-6125

@jan-cerny jan-cerny added this to the 0.1.80 milestone Dec 8, 2025
@jan-cerny jan-cerny requested review from a team, Mab879 and matusmarhefka as code owners December 8, 2025 16:02
@jan-cerny jan-cerny added the CIS CIS Benchmark related. label Dec 8, 2025
@jan-cerny jan-cerny added the RHEL10 Red Hat Enterprise Linux 10 product related. label Dec 8, 2025
@Mab879 Mab879 self-assigned this Dec 8, 2025
Member

@Mab879 Mab879 left a comment

Missing CCEs.

Add rule accounts_password_pam_unix_enabled to RHEL 10 CIS
and update it for RHEL 10. The rule was originally written
for Ubuntu; it needed modifications for RHEL 10 because the
configuration is a little different.

The rule doesn't have remediation on RHEL 10 because the
remediation is covered by a different control in CIS and
users should use authselect to configure PAM modules.
Notice that the remediation code in the CIS requirement
5.3.1.5 is a read-only script.

Resolves: https://issues.redhat.com/browse/OPENSCAP-6125
@jan-cerny jan-cerny force-pushed the accounts_password_pam_unix_enabled branch from dc56528 to ea3fd4b Compare December 9, 2025 09:38
@openshift-ci

openshift-ci bot commented Dec 9, 2025

@jan-cerny: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-openshift-node-compliance | ea3fd4b | link | true | /test e2e-aws-openshift-node-compliance |
| ci/prow/e2e-aws-openshift-platform-compliance | ea3fd4b | link | true | /test e2e-aws-openshift-platform-compliance |

@Mab879 Mab879 self-requested a review December 10, 2025 15:07
@Mab879 Mab879 merged commit f789220 into ComplianceAsCode:master Dec 10, 2025
137 of 140 checks passed